SpamAssassin scoring anomalies since WHM 11.52

Hello,

I've got five machines on 11.52 now. Ever since updating to 11.52, some part of the updated SpamAssassin is causing significant amounts of legitimate email to be scored much much higher than it should be.

My typical configuration:
a. SpamAssassin enabled per user
b. Default Spam Score 5
c. Many customers set SpamAssassin autodelete at somewhere between 5 and 9
d. DCC / Pyzor / Razor2 / iXhash

Ever since 11.52 and the newly updated rules and addition of P0f.cf and KAM.cf, I am seeing very significant amounts of email with spam scores well above 10 -- emails that are absolutely legitimate and should never be scoring anywhere near that value.

I really have to call foul and suspect that something is thoroughly amiss in the current SpamAssassin.

Sure, many admins/end-users may never be using "auto-delete", and sure if a customer is using "auto-delete" they should be prepared for the possibility of potentially devnull'ing legitimate email. However, historically [for years] I've run this setup this way with nary a complaint from a customer and nary a sign of a false positive devnull. That is, until 11.52 came out.

Now on some accounts I'm seeing 75% of a customer's legitimate inbound email being devnulled. Even if they set their auto-delete score up to 8, something in SpamAssassin is causing legitimate emails to score so much higher now (10 and above) that it is really wreaking havoc.

I think somebody at cPanel really needs to look into what is going on. Sure, new spamassassin updates should be nailing more spam -- but it definitely should not be nailing more legitimate email.

I've got one customer who between Nov 8 and Nov 17 had 1947 legitimate emails devnulled -- emails that were historically always passing through with spam scores well under '5'.

Does anybody know if there is a way to BULK disable SpamAssassin Autodelete on ALL accounts on the server? When I disable auto-delete, there are going to be tons of emails coming in that the users haven't gotten for the past week and they will have [SPAM] in the subject line. Disabling / adjusting auto-delete will not solve the problem. the problem is somewhere else -- legitimate email should not be scoring so much higher in the spam score.

Mike

 

Disappointed -- both in my self and cPanel.

In Exim Configuration Manager --> Apache SpamAssassin Options the following are new / enabled by default:

KAM
P0F
BAYES_POISON_DEFENSE
CPANEL's custom stuff used at CPANEL.NET

I disabled them all. I'm sure this nifty combination is what has created havoc on my servers, and I don't have time right now to even bother to try to figure out specifics.

Be forewarned that if you have all of those enabled, you too could very well be having much of your/your customers' legitimate email scored higher than it ought to be.

mike